I'm not aware of any MUA that supports DANE. I'm also not sure there exists an
RFC that notes how an MUA should use DANE for submitting messages. I suppose
that doesn't preclude one from using DNSSEC to ensure the records are signed,
but am not aware of a document that creates something like a
On Sun, Oct 22, 2023 at 12:48:26PM +0300, Mary via mailop wrote:
> from what I understand, this is a government issued wiretapping against
> that specific services/servers (hosted by Hetzner and Linode in Germany?)
> and not a general TLS exploit.
On what evidence do you base that understanding?
On Sun, Oct 22, 2023 at 08:56:26PM +, Gellner, Oliver via mailop wrote:
> > On 22.10.2023 at 15:06 Philip Paeps via mailop wrote:
> > On 2023-10-22 14:34:39 (+0530), Slavko via mailop wrote:
> >> while not directly about email, details were recently published
> >> about a successful MiTM attack agai
On 22/10/2023 16:08, Slavko via mailop wrote:
Hmm, and what about MUAs?
Without MUA-STS, it's up to the MUAs and only MUAs to enforce connection
security. The next step after that would be some kind of pinning.
Some have suggested DANE+DNSSEC, but DNSSEC operators can be coerced
just as muc
> On 22.10.2023 at 15:06 Philip Paeps via mailop wrote:
>
> On 2023-10-22 14:34:39 (+0530), Slavko via mailop wrote:
>> while not directly about email, details were recently published
>> about a successful MiTM attack against XMPP server, the attacker
>> was able to decrypt TLS communication without no
On 22 October 2023 19:18:33 UTC, user Jeroen via mailop wrote:
>...most MTAs and MUAs support it out of the box.
Is a list of these available somewhere?
regards
--
Slavko
https://www.slavino.sk/
I read that they were able to redirect the traffic to their own machine,
and therefore perform an http-01 challenge like anyone else.
Which can effectively be mitigated by using DNSSEC, DANE and CAA.
Browser support for DANE is currently rather poor, but most MTAs and
MUAs support it out of th
On 10/22/23 9:08 AM, Slavko via mailop wrote:
On 22 October 2023 12:50:52 UTC, user Philip Paeps wrote:
Note that, as far as email is concerned, plaintext downgrade attacks are much
more likely than fraudulent certificates.
Hmm, and what about MUAs?
As Philip pointed out, DNS
SSL certificates do not, and have never, "protected against MiTM". The certificate authority trust
model can best be summarized as "someone else's DNS resolver and connection", it is not a statement
of who actually owns the domain or what server is actually supposed to be on the other end.
If y
I read that they were able to redirect the traffic to their own machine,
and therefore perform an http-01 challenge like anyone else.
On Sun, 22 Oct 2023 at 18:55, Alessandro Vesely via mailop <
mailop@mailop.org> wrote:
> On Sun 22/Oct/2023 13:18:53 +0200 Hans-Martin Mosner via mailop wrote:
On Sun 22/Oct/2023 13:18:53 +0200 Hans-Martin Mosner via mailop wrote:
On 22.10.23 at 12:23, Paul Menzel via mailop wrote:
It was interesting and surprising to me, as the common perception is, that
SSL certificates protect against MiTM attacks as it should provide authenticity.
The weak poin
On 22 October 2023 12:50:52 UTC, user Philip Paeps wrote:
>Note that, as far as email is concerned, plaintext downgrade attacks are much
>more likely than fraudulent certificates.
Hmm, and what about MUAs?
regards
--
Slavko
https://www.slavino.sk/
On 2023-10-22 14:34:39 (+0530), Slavko via mailop wrote:
while not directly about email, details were recently published
about a successful MiTM attack against XMPP server, the attacker
was able to decrypt TLS communication without notice (from
both sides, the server and client) and was successful for at
Use DANE, MTA-STS, TLSA, CCA (to restrict how certs can be issued to your
domain, restrict the LetsEncrypt account, method, etc), host your own DNS
and manage DNSSEC yourself.
On Sun, 22 Oct 2023 at 11:20, Slavko via mailop wrote:
> Hi all,
>
> while not directly about email, recently was pub
On 22.10.23 at 12:23, Paul Menzel via mailop wrote:
It was interesting and surprising to me, as the common perception is, that SSL certificates protect against MiTM
attacks as it should provide authenticity.
The weak point of SSL certificates is that clients are willing to accept new certs fo
Dear Mary,
On 22.10.23 at 11:48, Mary via mailop wrote:
from what I understand, this is a government issued wiretapping
against that specific services/servers (hosted by Hetzner and Linode
in Germany?) and not a general TLS exploit.
so nothing interesting or unique.
It was interesting and su
from what I understand, this is a government issued wiretapping against that
specific services/servers (hosted by Hetzner and Linode in Germany?) and not a
general TLS exploit.
so nothing interesting or unique.
On Sun, 22 Oct 2023 09:04:39 + Slavko via mailop wrote:
> Hi all,
>
> while
Hi all,
while not directly about email, details were recently published
about a successful MiTM attack against XMPP server, the attacker
was able to decrypt TLS communication without notice (from
both sides, the server and client) and was successful for at least
three months, see
https://notes.valdiks
18 matches